script_bindings: Check for null pointer before dereferencing proxy handler custom data (#36869)

While the vast majority of DOM proxy objects created have a non-null
pointer in the handler's extra data field, there is one place we create
a proxy object that has a null pointer:
8b05b7449d/components/script/window_named_properties.rs (L76).
Before #36818, dereferencing this null pointer was undefined behaviour
that was silently being ignored; now that Rust 1.86 adds debug pointer
validity checks, we get a panic when trying to dereference it.

Testing: Tested about:memory with rustc 1.86.

---------

Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Josh Matthews 2025-05-06 02:08:31 -04:00 committed by GitHub
parent 8b05b7449d
commit 3b806ca424
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -245,6 +245,9 @@ pub unsafe fn get_dom_class(obj: *mut JSObject) -> Result<&'static DOMClass, ()>
if is_dom_proxy(obj) {
trace!("proxy dom object");
let dom_class: *const DOMClass = GetProxyHandlerExtra(obj) as *const DOMClass;
if dom_class.is_null() {
return Err(());
}
return Ok(&*dom_class);
}
trace!("not a dom object");
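
Review bot: The new `if dom_class.is_null()` branch returns `Err(())` silently, with no comment or log, while the branches around it each emit a `trace!`. A short comment saying which proxy legitimately has a null handler extra (the commit message points at window_named_properties.rs) and a matching line such as `trace!("proxy dom object with null handler extra")` would keep a later reader from treating the check as dead code and removing it. Note also that the check only guards the null case: `&*dom_class` still turns whatever non-null value `GetProxyHandlerExtra(obj)` returns into a `&'static DOMClass`, so a safety comment stating that every non-null extra is a valid `DOMClass` with static lifetime belongs next to the dereference.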